I am fascinated by the massive growth in mobile phone penetration globally. This must be one of the biggest social changes that humans were ever subjected to. I am sure that this social phenomenon will eventually impact the way that we trade and pay as well. This is what I am writing about. See disclaimer at the bottom of blog.

Saturday, December 29, 2007

Just a thank you to everyone who has made some time to read my blog during the past year. Thank you for bearing with me and some of my wayward ideas. I also appreciate all the feedback and comments. Also thank you for referencing this blog on others. I am humbled to see what great entries on mobile banking are published on the other blogs in this space. See the links on the side (all worthwhile reading).

Anyhow, wishing all of you a prosperous 2008. It is (no doubt) going to be an amazing mobile banking year.

Tuesday, December 11, 2007

Today's Google Alert for "mobile banking" delivered 29 hits. This is by far more than what has been delivered to me in the past. Although not a direct metric of mobile banking take-up, it does indicate a fast-growing interest in mobile banking. Many more people are talking and writing about it.

Saturday, December 08, 2007

After having read my previous blog post, I realised how scary it can be for uninformed people doing their banking in the electronic world. I thought one can make it simple by giving three simple rules to consumers that will make banking much safer. In my view these are:

1. Never write your passwords, PINs or any security information down. Make sure that nobody can see this information or steal it in any way. When you feel that this information has been compromised, contact your bank or log on to the website or mobile phone and change the secret information to something else immediately.

2. Never communicate with your "bank" via a mechanism or channel that you are not familiar with. If your "bank" phones you or sends you an e-mail or SMS requesting you to give security information, don't do it. Rather contact your bank via channels that you have used before (a known website, a known telephone number or menu on your phone) to check this unsolicited request.

3. When your phone dies unexpectedly, phone your phone from another phone. If your number rings and it is not the phone in your hand that rings, chances are that your SIM has been swapped illegally. Phone your mobile Operator and report your phone as stolen so that they can switch it off immediately. Even if this does not stop a bank fraud, at least it will stop someone calling on your account.

As with anything in life, safety is common sense. People feel safe in their houses only because they know that they must lock up at night. People feel safe in their cars, because they put on safety belts. To feel safe in doing banking remotely, one must stick to a few simple rules.

I was phoned by one of South Africa's popular radio hosts (Bruce Whitfield) on 567 Cape Talk on Friday to ask my opinion on another recent fraud perpetrated by means of swapping the SIM of the target account holder (See story) (Transcript of the call). It is of concern that these incidents are creating the perception that mobile banking is not safe, as it does not have anything to do with mobile banking.

In order to explain this statement, I need to describe how South African banks have improved Internet Banking by utilising an additional channel to improve the security of sensitive transactions. Most South African banks enable customers to log into their Internet banking websites in the accepted way, by entering a username/account number and a secret password. Some have even improved on this by utilising soft keypads (to counter key-logging attacks) and partial passwords. Typically this would be viewed as "strong-enough" security in most places in the world.

However, most South African banks have improved on this security by also sending a one-time password to a client's mobile phone for sensitive transactions (e.g. registration of a new beneficiary). The client is then required to enter this one-time password into the Website. This is an ADDITIONAL security mechanism for Internet Banking.

If the passwords of a victim were compromised (either by means of phishing, resetting or physical stealing), a fraudster would have been able to commit a fraud in most other countries. However, in South Africa, the fraudster is now also confronted with the need to have access to the one-time password that will be sent to the victim's mobile phone. It is in these instances that an illegal SIM swap is performed to get access to the one-time password.

This fraud is solely to perform an Internet Banking fraud and has very little to do with mobile banking. We at Fundamo have deployed more advanced functionality that would have countered even these types of frauds, which I will not publish. What we have deployed for one of our clients is a feedback mechanism from the Mobile Operator that would render the sending of a one-time password temporarily suspended in the case of a SIM swap. The customer is then required to confirm the SIM swap with the bank first (via other security mechanisms), before the transaction can be completed.
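The SIM-swap gate described above, as an added Python example; it is not Fundamo's code or anything from the original post. The operator feed, the class and method names and the phone number are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class OtpGate:
    """Holds one-time passwords for a number with an unconfirmed SIM swap."""
    sim_swaps: dict = field(default_factory=dict)   # msisdn -> last swap reported by the operator
    confirmed: dict = field(default_factory=dict)   # msisdn -> last swap confirmation at the bank
    outbox: list = field(default_factory=list)      # stands in for the SMS gateway

    def operator_reports_swap(self, msisdn, when):
        # Assumed feedback message from the Mobile Operator: the SIM changed at `when`.
        self.sim_swaps[msisdn] = when

    def customer_confirms_swap(self, msisdn, when):
        # Call only after the bank has verified the customer via other security mechanisms.
        self.confirmed[msisdn] = when

    def is_suspended(self, msisdn):
        swap = self.sim_swaps.get(msisdn)
        if swap is None:
            return False                      # no swap on record
        ok = self.confirmed.get(msisdn)
        return ok is None or ok < swap        # an older confirmation does not cover a newer swap

    def request_otp(self, msisdn, transaction):
        if self.is_suspended(msisdn):
            # Nothing is sent, so whoever holds the new SIM receives no one-time password.
            return {"status": "held", "reason": "unconfirmed SIM swap"}
        otp = f"{secrets.randbelow(10**6):06d}"
        self.outbox.append((msisdn, transaction, otp))
        return {"status": "sent"}


if __name__ == "__main__":
    gate = OtpGate()
    number = "+27820000000"                   # constructed sample number
    t0 = datetime(2007, 12, 8, 9, 0)
    print(gate.request_otp(number, "new beneficiary"))   # sent
    gate.operator_reports_swap(number, t0)
    print(gate.request_otp(number, "new beneficiary"))   # held
    gate.customer_confirms_swap(number, t0 + timedelta(hours=1))
    print(gate.request_otp(number, "new beneficiary"))   # sent
```

The comparison of timestamps matters: a confirmation recorded before the most recent swap leaves the number suspended, so a second swap after a legitimate one is held again.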

Disclaimer

This is my personal blog. It is not my intention to distribute news that is available elsewhere, but rather comment on it or provide the reader with my own thoughts. Unless otherwise stated, the views expressed on this blog are mine alone. I expressly disclaim any and all liability of any kind or nature with respect to any act or omission based wholly or in part in reliance on anything contained on this blog. Any links that appear on this blog are purely for your information. I'm not making any representations as to their content or, in fact, any other matter concerning them. Follow all links at your own risk.